BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.troopers.de//tr26-cfp//speaker//HTA8GF
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-tr26-cfp-M7QTN7@cfp.troopers.de
DTSTART;TZID=CET:20260625T154500
DTEND;TZID=CET:20260625T161500
DESCRIPTION:Due to the increasing number and impact of computer security in
 cidents\, it has become essential to develop and implement efficient measu
 res for their investigation. However\, comprehensive forensic analyses are
  time-consuming\, and this time is often not available to security analyst
 s during acute computer security incidents. As a result\, automated tools 
 are increasingly being used. These tools\, however\, often cover only a li
 mited scope of the necessary analyses and typically require deep technical
  expertise to be used effectively. For this reason\, we developed a frame
 work that enables the automated analysis of disk images in the context of 
 security incidents and is capable of identifying whether a system has been
  compromised. The framework orchestrates multiple established digital fore
 nsics and incident analysis tools through a decision-tree-based control lo
 gic. This decision tree governs the execution flow of integrated modules\,
  each representing a distinct analytical domain (e.g.\, file system analys
 is\, artifact extraction\, event log inspection). A live demonstration ill
 ustrates how analysts interact with the system\, which external analysis t
 ools are integrated\, and how the framework consolidates results into a st
 ructured\, analyst-oriented report. The framework was evaluated using both
  compromised and non-compromised disk images derived from real-world and s
 ynthetic computer security incidents. The evaluation assesses detection ca
 pabilities\, practical benefits for analysts\, and current limitations.
DTSTAMP:20260510T025808Z
LOCATION:Track 3
SUMMARY:Integrating Incident Analysis and Digital Forensics Tooling for Aut
 omated Compromise Detection - Ann-Marie Belz
URL:https://cfp.troopers.de/tr26-cfp/talk/M7QTN7/
END:VEVENT
END:VCALENDAR
